nginx-记录SSL握手失败 [英] nginx - log SSL handshake failures
问题描述
我正在运行启用了SSL的Nginx服务器.
I'm running an nginx server with SSL enabled.
我的协议/密码设置相当安全,我已经在ssllabs.com上进行了检查,但是-
My protocol / cipher settings are fairly secure, and I've checked them at ssllabs.com, but --
-由于这是我无法控制的http客户端调用的Web服务,因此我担心兼容性.
-- since this is a web service which is called by http clients that I have no control over, I have concerns about compatibility.
要点:
是否可以在nginx日志中记录SSL握手故障(如果发生)(如果发生)?
Is there a way to log SSL handshake failures as they happen (if they happen) in my nginx logs?
例如,我禁用了SSLv3,如果我尝试将"curl -3"(强制SSlv3)发送到我的服务器,则会显示以下信息:
For example, I've got SSLv3 disabled, and if I try to "curl -3" (forcing SSlv3) to my server, then I get this:
- NSS错误-12286(SSL_ERROR_NO_CYPHER_OVERLAP)
- 无法与对等方安全地通信:没有通用的加密算法.
- 关闭连接0 curl:(35)无法与对等方安全地通信:没有通用的加密算法.
- NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
- Cannot communicate securely with peer: no common encryption algorithm(s).
- Closing connection 0 curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).
我也想在服务器日志中记录这种类型的错误,使用默认的nginx设置,什么都没有.
I would like to log this type of error in server logs too, with the default nginx settings, there is nothing.
为错误日志启用调试"日志级别将执行我想要的操作,将记录SSL握手错误-但不幸的是,它还会记录太多其他内容,从而使日志过于肿,淹没了其他可能有用的信息.
Enabling "debug" log level for the error log does what I want, will log SSL handshake errors -- but unfortunately it also logs too much other stuff, making the log too bloated, drowning out other potentially useful info.
推荐答案
您可以使用info
日志级别.
这篇关于nginx-记录SSL握手失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!